| by: 云舒 2008-05-08 http://www.ph4nt0m.org
前些时候做DoS方面的测试,由于协议学得不够好,有些回应不记得,所以就首先想到用hping来定制一些包,看看远程主机的回应。结果下载的hping死活都不发包,换了多个不同版本的winpcap都不行。一怒之下,决定自己写个简单的。首先想到的是用perl来做,最后觉得一样要安装winpcap还有很多别的模块,不如直接用c来实现一下,来得更痛快。
需要说明一下的是,在以太网头那里我故意偷懒了,没有获取本机的MAC地址而是写了个错误的。所以给内网用户发包的话,能发出去,只是你收不到回应了,发给外网就没这个问题,这是因为同交换机下面靠MAC地址来定位的。
最后一点,这里所有的包,目的MAC地址写的都是网关的MAC,通过网关把数据转发出去。虽然同交换机下面可以直接通过MAC定位,但是我懒得判断,直接发送给网关再转发会比较简单。
/* Code By yunshu, 2008-05-08, Make tcp packet to send to remote server * I don’t know which version of winpcap needed by hping, so I wrote this code. * Under winpcap 4.0.2, Dev-CPP 4.9.9.2, windows xp professional sp2 */
#include <stdio.h> #include <string.h> #include <winsock2.h> #include <iphlpapi.h> #include <unistd.h> #include <pcap.h> #include <remote-ext.h>
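/*
 * EtherType value for IPv4 (0x0800).
 * The page rendered the hex prefix as a multiplication sign ("0×0800"),
 * which is not a valid C constant once the macro is expanded; the "0x"
 * prefix is restored here.
 * NOTE(review): presumably stored in ET_HEADER.eh_type by code not shown
 * here -- that store needs htons() so the value goes out big-endian.
 */
#define IP_PROTO 0x0800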
/*
 * Adapter and routing details shared across the program.
 * NOTE(review): nothing in this part of the file fills these in; presumably
 * the adapter-discovery code further down does -- confirm against that code.
 * All four are fixed-size buffers, so whatever writes them must bound the
 * copy to the sizes declared here.
 */
char LocalIP[20]        = { 0 };   /* dotted-quad text; 15 chars + NUL fit in 20 bytes */
char InterfaceName[256] = { 0 };   /* capture device name (assumed to be passed to pcap) */
char GatewayIP[20]      = { 0 };   /* dotted-quad text, same sizing as LocalIP */
BYTE GatewayMac[6];                /* file-scope object, so it starts zeroed; 6 bytes = one MAC */
/*
 * Ethernet II frame header laid out as it appears on the wire: 14 bytes.
 * Every member sits on its natural alignment, so no padding is expected,
 * but the struct is not explicitly packed; a size check at start-up would
 * catch a compiler that disagrees.
 */
typedef struct et_header
{
    unsigned char  eh_dst[6];   /* destination MAC address */
    unsigned char  eh_src[6];   /* source MAC address */
    unsigned short eh_type;     /* EtherType; big-endian on the wire */
} ET_HEADER;
/*
 * Fixed 20-byte IPv4 header (no options), field order as in RFC 791.
 * Multi-byte fields travel in network byte order; the code that fills
 * them in is not part of this excerpt.
 * The layout relies on natural alignment and a 4-byte unsigned int;
 * there is no packing pragma.
 */
typedef struct ip_hdr
{
    unsigned char  h_verlen;         /* version in the high nibble, header length (32-bit words) in the low */
    unsigned char  tos;              /* type of service */
    unsigned short total_len;        /* header plus payload length, in bytes */
    unsigned short ident;            /* datagram identification */
    unsigned short frag_and_flags;   /* 3 flag bits followed by the 13-bit fragment offset */
    unsigned char  ttl;              /* time to live */
    unsigned char  proto;            /* payload protocol number */
    unsigned short checksum;         /* header checksum, computed with this field set to zero */
    unsigned int   sourceIP;         /* source IPv4 address */
    unsigned int   destIP;           /* destination IPv4 address */
} IP_HEADER;
/*
 * Fixed 20-byte TCP header (no options), field order as in RFC 793.
 * Multi-byte fields travel in network byte order.
 * As with the other wire structs in this file, the size depends on
 * natural alignment and a 4-byte unsigned int rather than on a packing
 * pragma.
 */
typedef struct tcp_hdr
{
    unsigned short th_sport;    /* source port */
    unsigned short th_dport;    /* destination port */
    unsigned int   th_seq;      /* sequence number */
    unsigned int   th_ack;      /* acknowledgement number */
    unsigned char  th_lenres;   /* data offset in the high nibble, reserved bits in the low */
    unsigned char  th_flag;     /* control flags byte */
    unsigned short th_win;      /* advertised receive window */
    unsigned short th_sum;      /* checksum over pseudo-header, TCP header and payload */
    unsigned short th_urp;      /* urgent pointer */
} TCP_HEADER;
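/*
 * TCP pseudo-header: 12 bytes that take part in the TCP checksum but are
 * never transmitted.
 * NOTE(review): presumably prepended to the TCP header when th_sum is
 * computed; that code is not part of this excerpt.
 *
 * The address fields were declared "unsigned long", which is 4 bytes on
 * Windows but 8 bytes on LP64 platforms, where the struct would grow to
 * 24 bytes and the checksum would cover the wrong bytes. They now use
 * "unsigned int", matching sourceIP/destIP in IP_HEADER, so the layout
 * is 12 bytes on both.
 */
typedef struct tsd_hdr
{
    unsigned int   saddr;   /* source IPv4 address, network byte order */
    unsigned int   daddr;   /* destination IPv4 address, network byte order */
    char           mbz;     /* reserved byte, must be zero */
    char           ptcl;    /* protocol number of the checksummed segment */
    unsigned short tcpl;    /* TCP header plus payload length, network byte order */
} PSD_HEADER;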
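/*
 * Internet checksum (16-bit one's-complement sum, as used by the IP and
 * TCP headers).
 *
 * buffer  start of the data; read as 16-bit words, so it must be suitably
 *         aligned for unsigned short and must not be NULL when size > 0
 * size    number of bytes to cover; zero or a negative value covers nothing
 *
 * Returns the complemented sum, ready to be stored in a checksum field.
 * Words are summed in host order, so the result is already in the byte
 * order the caller's buffer uses.
 *
 * Changes from the original:
 *  - the trailing-byte branch ran for any non-zero remainder, so a negative
 *    size read one byte from buffer; it now runs only when exactly one byte
 *    is left;
 *  - the carry fold loops until no carry remains, so it does not depend on
 *    how wide unsigned long is on the target.
 */
unsigned short CheckSum(unsigned short * buffer, int size)
{
    unsigned long cksum = 0;

    /* Sum every complete 16-bit word. */
    while (size > 1)
    {
        cksum += *buffer++;
        size -= (int) sizeof(unsigned short);
    }

    /*
     * Odd length: add the last byte as if it were padded with a zero byte.
     * Adding it unshifted is correct on a little-endian host (the target
     * named in the file header); a big-endian host would need it shifted
     * into the high half of the word.
     */
    if (size == 1)
    {
        cksum += *(unsigned char *) buffer;
    }

    /* Fold carries back into the low 16 bits until none are left. */
    while (cksum >> 16)
    {
        cksum = (cksum >> 16) + (cksum & 0xffff);
    }

    return (unsigned short) (~cksum);
}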
/* void GetLocalIP( ) { WORD wVersionRequested; WSADATA wsaData; char name[255]; PHOSTENT hostinfo;
wVersionRequested = MAKEWORD( 2, 0 );
if( WSAStartup( wVersionRequested, &wsaData ) == 0 ) { if( gethostname( name, sizeof(name) ) == 0 ) {